Response to Amendment

This Office Action is in response to a communication made on January 26, 2007. 

Claims 7-12 and 14 have been amended. 

Claims 1-6 and 13 have been cancelled. 

Claims 7-12 and 14-16 are pending in this application. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 7 and 10-14 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Feigen (5699513) in view of Coile (6473406). 

Regarding claim 7, Feigen teaches a method for allowing a client application to 
establish, in a client network, a first connection having a first security level with a first 
port of a server application hosted in a server machine linked to a server network, in 
order to send messages addressed to the server machine, said messages passing from 
the client network to the server network through a network layer of a gateway machine 
(Figure 3, security server is the gateway), the method comprising: 

creating a second port in the gateway machine; 

rerouting to the second port of the gateway machine, by ordering the network
layer of the gateway any message sent and addressed to the first port of the server
machine (Column 4, lines 4-11);

listening to the second port to detect a request to establish said first connection 
(Column 4, lines 12-19) and; 

generating, in the gateway machine, a thread which establishes said first 
connection (Column 4, lines 22 - 31). 

Feigen does not explicitly indicate that any addressed message to the first port is 
received at the second port, and creating based on the message a connection with the 
first port of the server application. 

Coile teaches a system of providing transparent message security and filtering 
which includes any addressed message to the first port is received at the second port, 
and creating based on the message a connection with the first port of the server 
application (Column 8, lines 49 - 67). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to use Coile's teaching of transparency in Feigen so that the client
never has to act according to any packet filtering and separate security issues, and only 
operate as if using the first server. 

Regarding claims 10 and 11, Feigen teaches a method according to claims 7 
and 8, wherein said creating and rerouting are executed automatically by a first process 
of the gateway machine and said first process generates a second process that 
executes said listening and generating (Column 4, lines 12-31). 

Regarding claim 14, Feigen teaches a method for allowing a client application to
establish in a client network a first connection having a first security level, directly with a 
first port of a server application hosted in a server machine linked to a server network, in 
order to send messages addressed to the server machine, said messages passing from 
the client network to the server network through a network layer of a gateway machine 
(Figure 3, security server is the gateway), the method comprising: 

generating, in the gateway machine, a thread which establishes said first 
connection; and 

activating, in the gateway machine, a secure application proxy that reroutes the 
messages from the first connection, in a way that is transparent to the client application 
(Column 4, lines 4 - 11), so as to establish a second connection having a second
security level with the server application, said second connection being unknown to said
client application (Column 4, lines 22 - 31),

wherein said generating is performed in response to the detection of the request
addressed to the first port of the server application to establish said first connection. 

Feigen does not explicitly indicate that any addressed message to the first port is 
received at the second port, and creating based on the message a connection with the 
first port of the server application. 

Coile teaches a system of providing transparent message security and filtering 
which includes any addressed message to the first port is received at the second port, 
and creating based on the message a connection with the first port of the server 
application (Column 8, lines 49 - 67). 

It would have been obvious to one of ordinary skill in the art at the time the
invention was made to use Coile's teaching of transparency in Feigen so that the client 
never has to act according to any packet filtering and separate security issues, and only 
operate as if using the first server. 

Claims 8-9 and 15-16 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Feigen in view of Coile (6473406), and in further view
of Winiger (5845068). 

Regarding claim 8, Feigen teaches a method according to claim 7. 

Feigen does not explicitly indicate defining a third port of the server application 
for receiving at least one of the messages with a second security level; wherein said
thread comprises: 

establishes said first connection in a first phase with the first security level in a 
first interface associated with the second port and with said request; 

establishes in a second phase a second connection with the second level of 
security in a second interface to the third port in the server machine; 

writes with the second security level in the second interface any message read in 
the first interface with the first security level in a third phase, and 

writes with the first security level in the first interface any message read in the 
second interface with the second security level in a fourth phase.

Winiger teaches a method according to claim 7, further comprising: 

defining a third port of the server application for receiving at least one of the
messages with a second security level (Column 4, line 67 - Column 5, line 4); and 
whereas said thread comprises: 

establishes said first connection in a first phase with a first security level in a first 
interface associated with the second port and with said request; 

establishes in a second phase a second connection with a second level of 
security in a second interface to the third port in the server machine (Column 4, line 67 
- Column 5, line 6, where the system allows a new connection to open and request a 
socket of the server application, if the socket is open it allows a new connection to be 
made at a specified security level, which can be different than a previously opened
socket or port which is operating at a completely separate security layer or label); 

writes with the second security level in the second interface any message read in 
the first interface with the first security level in a third phase, and; 

writes with the first security level in the first interface any message read in the 
second interface with the second security level in a fourth phase (Column 5, lines 10 -
14; Column 4, lines 44 - 51 where when the system opens a socket at a certain security
level it responds with the response that contains the identification of the security level
in the response header). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to use Winiger's teaching of multiple security classification levels in 
Feigen's system in order to allow certain resources to be accessed by only certain
clearance levels, which increases security and flexibility. 

Regarding claim 9, Feigen teaches a method according to claim 8.

Feigen does not explicitly indicate deleting by ordering the network layer of the 
gateway machine, any message sent to the third port. 

Winiger teaches deleting by ordering the network layer of the gateway machine 
any message sent to the third port (Column 6, lines 6 - 9). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to use Winiger's teaching of multiple security classification levels in 
Feigen's system in order to allow certain resources to be accessed by only certain
clearance levels, which increases security and blocks invalid attempts at resources 
which clearance has not been granted. 

Regarding claim 12, Feigen teaches a method according to claim 9, further 
comprising automatically executing the steps of creating, rerouting and deleting by a 
first process of the gateway machine and generating by said first process a second 
process that executes the steps of listening and generating a thread (Column 4, lines 12 
-31). 

Regarding claim 15, Feigen teaches a method according to claim 10. 

Feigen does not explicitly indicate defining a third port of the server application 
for receiving at least one of the messages with a second security level deleting by 
ordering the network layer of the gateway machine, any message sent to the third port. 

Winiger teaches defining a third port of the server application for receiving at 
least one of the messages with a second security level (Column 4, line 67 - Column 5, 
line 4) and deleting by ordering the network layer of the gateway machine any message
sent to the third port (Column 6, lines 6 - 9). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to use Winiger's teaching of multiple security classification levels in 
Feigen's system in order to allow certain resources to be accessed by only certain
clearance levels, which increases security and blocks invalid attempts at resources 
which clearance has not been granted. 

Regarding claim 16, Feigen teaches a method according to claim 15, further 
comprising: automatically executing said creating, rerouting, and deleting, by a first 
process of the gateway machine, and generating, by said first process, a second 
process that executes said listening and generating (Column 4, lines 12-31).

Response to Arguments 

Applicant's arguments filed January 26, 2007 have been fully considered but they 
are not persuasive. 

The applicant argues that the reference, Feigen, does not explicitly indicate 
generating a thread in response to the detection of the request addressed to the first 
port of the server application. 

The examiner agrees that the reference, Feigen, teaches the second request in
the system being directed to the security host rather than the port on the server
application. However, the reference Coile teaches an improved handler of intercepting
server requests that is transparent to the client. This transparency means that the client
will always address the server, while the interceptor and security process checks the
requests and forwards valid requests to the server application (Column 8, lines 49 - 67).
So, as seen, the combination of the references teaches the claimed limitation.

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kevin Bates whose telephone number is (571) 272-3980.
The examiner can normally be reached on 9 am - 5 pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Saleh Najjar can be reached on (571) 272-4006. The fax phone number for
the organization where this application or proceeding is assigned is 571-273-8300. 



Application/Control Number: 09/936,286

Art Unit: 2155 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

KB 

February 22, 2007 



